Bug 6213 - [test] parsing of eval-type rules: allow unquoted domain names, disallow unmatched quotes (test still needed)
Summary: [test] parsing of eval-type rules: allow unquoted domain names, disallow unma...
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Libraries (show other bugs)
Version: 3.3.0
Hardware: All All
: P5 enhancement
Target Milestone: 3.3.2
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-09-30 07:51 UTC by Mark Martinec
Modified: 2011-05-19 12:03 UTC (History)
1 user (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Martinec 2009-09-30 07:51:01 UTC 
Instead of re-opening Bug 4419, here is a new entry.

Conf::Parser::pack_eval_method currently uses the following regexp:
  s/^\s*(?:['"](.*?)['"]|([\d\.:A-Za-z]+?))\s*(?:,\s*|$)//

1. The above allows most domain names to be given as arguments to eval rule
in unquoted form, except for domains with dashes. I propose we also allow
a minus in the character set, so that one can do:
  full T9 eval:check_dkim_valid(gmail.com, cc.yahoo-inc.com, yahoo.com)
instead of:
  full T9 eval:check_dkim_valid(gmail.com, 'cc.yahoo-inc.com', yahoo.com)

2. The current regexp allows argument with mismatched quotes like
'foo.com", and does now make it possible to specify a ' or " within
the quoted argument, e.g. "foo',bar" or 'foo",bar'.

Here is a proposed change to deal with both:

<<<
    while ($args =~ s/^\s*(?:['"](.*?)['"]|([\d\.:A-Za-z]+?))\s*(?:,\s*|$)//) {
      if (defined $1) {
        push @args, $1;
      }
      else {
        push @args, $2;
      }
    }

>>>
    local($1,$2,$3);
    while ($args =~ s/^\s* (?: (['"]) (.*?) \1 | ( [\d\.:A-Za-z-]+? ) )
                       \s* (?: , \s* | $ )//x) {
      if (defined $2) {
        push @args, $2;
      }
      else {
        push @args, $3;
      }
    }
Comment 1 Mark Martinec 2009-09-30 08:01:29 UTC 
  Bug 6213: parsing of eval-type rules: allow unquoted
  domain names, disallow unmatched quotes
Sending        lib/Mail/SpamAssassin/Conf/Parser.pm
Sending        lib/Mail/SpamAssassin/Plugin/DKIM.pm
Committed revision 820289.
Comment 2 Justin Mason 2009-09-30 08:15:58 UTC 
Mark, could you add some tests for those?  seems like it should be easy to test, and would be worth testing.
Comment 3 Justin Mason 2010-01-27 02:19:36 UTC 
moving most remaining 3.3.0 bugs to 3.3.1 milestone
Comment 4 Justin Mason 2010-01-27 03:14:52 UTC 
these were not supposed to go to security!  moving back out of that component, but now probably to the wrong components :( , but better than nothing.
Comment 5 Justin Mason 2010-01-27 03:15:20 UTC 
these were not supposed to go to security!  moving back out of that component, but now probably to the wrong components :( , but better than nothing.
Comment 6 Justin Mason 2010-01-27 03:16:00 UTC 
reassigning, too
Comment 7 Justin Mason 2010-03-23 16:32:49 UTC 
moving all open 3.3.1 bugs to 3.3.2
Comment 8 Karsten Bräckelmann 2010-03-23 17:42:17 UTC 
Moving back off of Security, which got changed by accident during the mass Target Milestone move.
Comment 9 Mark Martinec 2011-05-19 12:03:21 UTC 
Seems noone ( :-} ) is willing to write a test for this rather trivial
change. As the fix is in 3.3 and in trunk and has already proven itself,
I'll just close it. Please reopen if someone wants to insist on
having a test.